Browser Autofill Profiles Can Be Abused for Phishing Attacks

Browser autofill profiles are a reliable phishing vector that allow attackers to collect information from users via hidden fields, which the browser automatically fills with preset personal information and which the user unknowingly sends to the attacker when he submits a form.Autofill profiles are a recent addition to modern-day browsers. This feature works by allowing the user to create a profile that holds different details about himself that he usually enters inside web forms.When the user has to fill in a form in the future, he can simply select an autofill profile and his browser will enter the preset information in all form fields, sparing the user the time he would have needed to type in 10, 20 or more fields.Browser autofill profiles should not be confused with form field autofilling behavior, which allows a user to fill in one form field at a time with data he previously entered in those fields. Autofill profiles allow users to fill in entire forms with one click.

Source: Browser Autofill Profiles Can Be Abused for Phishing Attacks

Categories: Uncategorized

Post navigation

Comments are closed.

Create a free website or blog at

%d bloggers like this: